'use strict'

module.exports = async (c, next) => {

  let token = c.headers.authorization || c.query.token

  if (!token) {
    return c.status(403).send('TOKEN NULL')
  }

  let r = c.service.tok.verify(token)

  if (!r.ok) {
    return c.status(403).send(r.errcode)
  }

  //把成功验证后解密的用户数据放在c.box中
  c.box.user = r.data

  await next()

}